How to Combat Social Engineering – the Biggest IT Security Threat to Small Businesses in the UK

Despite the increased threat of cyber-attacks, UK businesses are continuing to ignore warnings about the dangers of social engineering in cyber-attacks.

Here’s what you need to know and how you can combat it.

Social engineering is big news in today’s IT security threat profile.

This is because, in so many IT systems, people are the weakest link – which makes social engineering attacks such as phishing, vishing and spear-phishing an attractive exploit for would-be attackers.

However, UK businesses are continuing to fail to take the threat of social-engineering attacks seriously.

A recent report from Callcredit Information Group found that less than a quarter of businesses believe social engineering will pose a major threat over the next two to three years.

This is despite 42% of fraud prevention managers already reporting that they frequently experience phishing attacks.

Failing to take the IT security threat seriously

So why this disconnect?

Despite our reliance on technology across all areas of business today, businesses are not investing enough time, effort and money to protect their IT real estate from malicious attacks.

For small businesses, the problem is even worse: according to Netwrix’s 2017 IT Risks Report, 73% of small businesses don’t have a separate IT security function.

Even for those that do, many lack the skills, tools and expertise necessary to counter today’s evolving IT security threat.

The flurry of activity around the GDPR deadline earlier this year demonstrates how many businesses fail to plan effectively around data and security – and how much activity is reactive rather than timely and proactive.

Yet, GDPR adds a new risk to the data security issue for UK businesses.

Under the regulation, businesses must be able to demonstrate they are adequately protecting the data they hold on individuals.

If they can’t – or don’t – they could face big fines.

Mitigating the risk of social engineering threats

So, what can businesses – and particularly small and medium-sized businesses – do to reduce the threat?

Since people are the weakest link in most security landscapes, the priority focus must be around training and awareness sessions.

These help users to identify potential threats, understand the risks and know what to do about them.

Security Awareness Training

The service subsequently sends spoof phishing-style emails to business users. If clicked on, these then direct users to an online e-learning course which aims to improve their understanding of and ability to spot such attacks.

We’ve found that the training is invaluable for our clients; those who have taken it are more aware of potential IT threats and much less susceptible to cyber-attack.

Understanding where the biggest risks are within your organisation is another way to prioritise awareness-raising effort.

Spear-phishing attacks are targeted directly at those employees who have access to the most desirable information.

What Steps Should You Take?

Your first step should be to identify which information you hold is of most interest to hackers (e.g. financial information).

The second step is to understand who has access to that sensitive data and help them to recognise and deal with likely threats.

Supplement this effort with access controls and extra layers of user authentication. Two-factor authentication is one example, and is a good idea for the most sensitive systems, applications and data.

Mitigating the overall security threat

Inevitably, alongside their efforts to mitigate the social engineering security threat, businesses need to maintain good IT security across the board.

Even without in-house security expertise, there are several important things businesses must do in this regard.

Read our list of 4 things you can do to improve your IT security:

1. Install updates and patches

Out-of-date operating systems and software can be a major source of security vulnerabilities.

Cloud systems help with this, as software version control is managed centrally rather than on local devices and machines.

But, whatever your setup, you need to ensure you install updates and patches as soon as possible. This ensures you get the maximum possible protection against bugs and security issues.

2. Ensure you have the right protection

You need good security software: multi-layer firewalls can help to create tiered layers of security with the most sensitive data best protected.

Your firewall needs to be paired with intrusion monitoring and security log monitoring, so you can stay abreast of the threat levels and changing profiles.

Best practice recommends penetration testing – essential in some industries – to ensure you are protecting your networks and data.

Ensuring you have the right protection doesn’t have to be expensive; many cloud-based tools are available that help to drive down the cost of these solutions.

About Mit Patel

Mit - Managing Director. In 2002, Mit founded Netstar. He has helped grow Netstar to become an indispensable partner to some of London’s finest businesses, including well known names in the Financial Services industry. Mit works across all aspects of the business including strategic planning and key account management. Mit is focused on ensuring the delivery of a high quality service, and providing strategic value to help our customers overcome their business challenges.
